Nfs-utils rpc.statd Multiple Remote Format String Vulnerabilities

Information

Severity: Critical

Family: RPC

CVSSv2 Base: 10.0

CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution Type: Vendor Patch

Created: 12 years ago

Modified: 5 years ago

Summary

The host is running the statd service and is prone to multiple remote format string vulnerabilities.

Insight

The flaws are due to errors in the logging system of the rpc.statd/kstatd daemons. A call to syslog in the program takes data directly from the remote user, and this data could include printf-style format specifiers.
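The syslog pattern described above, next to its corrected form, as an added example (not nfs-utils code). The function names, the log message text and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Pattern the Insight text describes, kept as a comment only:
 *     syslog(LOG_ERR, remote_name);
 * remote_name is used as the format string, so any printf-style
 * specifier the client sends is interpreted by the formatter. */

/* Hardened: constant format, remote data only ever an argument. */
void log_remote_name(const char *remote_name)
{
    syslog(LOG_ERR, "%s", remote_name);
}

/* Same rule when the message is built first (hypothetical message text).
 * Returns 0 on success, -1 if the line did not fit in out. */
int build_log_line(char *out, size_t outlen, const char *remote_name)
{
    int n = snprintf(out, outlen, "statd: cannot resolve \"%s\"", remote_name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Audit helper: count printf-style conversions in untrusted input.
 * "%%" is a literal percent sign and a trailing lone '%' is ignored. */
int count_format_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] != '\0')
            count++;
    }
    return count;
}

int main(void)
{
    const char *sample = "host%x%x%n"; /* constructed sample input */
    char line[128];
    if (build_log_line(line, sizeof line, sample) == 0)
        printf("%s (%d directives, logged as data)\n",
               line, count_format_directives(sample));
    log_remote_name(sample);
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang flag calls where a non-literal string is passed as the format with no arguments.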

Solution

Upgrade to nfs-utils version 0.1.9.1 or later.

Common Vulnerabilities and Exposures (CVE)